Changeset bd6591f in mod_gnutls for doc/mod_gnutls_manual.mdwn
- Timestamp:
- Jul 5, 2017, 12:48:44 PM (6 years ago)
- Branches:
- asyncio, debian/master, debian/stretch-backports, master, proxy-ticket, upstream
- Children:
- f4deac5
- Parents:
- a2b4ab6
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
doc/mod_gnutls_manual.mdwn
ra2b4ab6 rbd6591f 178 178 ### GnuTLSDHFile 179 179 180 Set to the PKCS \#3 encoded DiffieHellman parameters180 Use the provided PKCS \#3 encoded Diffie-Hellman parameters 181 181 182 182 GnuTLSDHFile FILEPATH … … 185 185 Context: server config, virtual host 186 186 187 Takes an absolute or relative path to a PKCS \#3 encoded DH 188 parameters.Those are used when the DHE key exchange method is enabled. 189 You can generate this file using `certtool --generate-dh-params --bits 190 2048`. If not set `mod_gnutls` will use the included parameters. 187 By default, `mod_gnutls` uses the DH parameters included with GnuTLS 188 corresponding to the security level of the configured private keys if 189 compiled with GnuTLS 3.5.6 or newer, and the ffdhe2048 DH group as 190 defined in RFC 7919, Appendix A.1 otherwise. 191 192 If you need to use different DH parameters, you can provide a PEM file 193 containing them in PKCS \#3 encoding using this option. Please see the 194 "[Parameter 195 generation](https://gnutls.org/manual/html_node/Parameter-generation.html)" 196 section of the GnuTLS documentation for a short discussion of the 197 security implications. 191 198 192 199 ### GnuTLSPriorities
Note: See TracChangeset
for help on using the changeset viewer.